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(57) Abstract: The present invention provides a system for creating an application software environment without changing an 
operating system of a client computer, the system comprising an operating system abstraction and protection layer, wherein said 
abstraction and protection layer is interposed between a running software application and said operating system, whereby a virtual 
environment in which an application may run is provided and application level interactions are substantially removed. Preferably, 
any changes directly to the operating system are selectively made within the context of the running application and the abstraction 
and protection layer dynamically changes the virtual environment according to administrative settings. Additionally, in certain em- 
bodiments, the system continually monitors the use of shared system resources and acts as a service to apply and remove changes 
to system components. The present thus invention defines an "Operating System Guard." These components cover the protection 
semantics required by DLLs and other shared library code as well as system device drivers, fonts, registries and other configuration 
items, files, and environment variables. 
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OPERATING SYSTEM ABSTRACTION ANB PROTECTION LAYER 

This appHcatioa is a continuatioii-iii-pait of U.S. Pateat AppHcation No. 

09/456,181 , the entirety of whicli is iacoiporated herek by reference as if fiilly 

setfbitL 

The presmt inventiosu relates to compute software, and more paxticnlarly to 
operating system software. 

BACKGIIOIJND OF THE INVENTIO>f 

la many environmeats; but paidculaily in envirQaments ipAere an appfication is 
delivered yia a netwodc, the most inq>Qrtant feature is an ability to ran applications on tiie fly, 
without a oonoptexinstaOation. TypicaIfy,incertampnor art systenis;, great piunswecet^ 
to modify a client system to appear as if a program was installed, or to actually instafl the 
software itseli^ and ftenba<^ out these modifications to restore the 01^^ M 
doing Ais^ mnlt^le problems present themselyes: conflicts between an q^plication and the 
computer's current configuration, mah^le instances of the same or d£Eerent applications, 
conoplexity of Hie back out process xequii^ an applicadsm to be put thxoug^ a rtgonms process 
to ensure all of its modifications can be accounted for, and the use of ^lared files and system 
components by nnilt^ie appficatims conq^Iicates back out and tlie installation process. . 
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SUMMARY OF TBDB INVimiON 



The present invention provides a system for creating an application software 
environment w&iioat dianging an operating system of a client con^uter, the system 
conqpii^g an operating system abstraction and protection layer, wherein said abstraction 
and protection layer is xntetposed^etween a running software application and said 
operating system, i?Aereby a virtual environment in whicb an q>plication may run is 
provided and qspHcation level interactions are substantialfyrenioved. Pre&rably, any 
changes directly to the q^eradng system are selectively made wifliin the context of the 
runmng application and the abstraction and protection layer dynamically changes the 
virtual environment according to adnunistrative settzz^. Additionally, in certain 
embodiments, the system continually monitors Ihe use of shared system resources and 
acts as a service to apply and remove dianges to system components. 

Thus, fi>r exanple, in embodiments within V/lndows-based operating systems, 
and wherem all op erations to the Windows Registry are through the 2 API, the 
sfystem preferably provides a means for hooldng fimctions» whereby each time said 
functions are invoked another fimction or application intercqits the call, and the system 
most preferably hooks each appropriate API iBmction to service a request whether made 
by an q^plicaticm run ftom a server or if made by an application against a ccmfiguration 
key being actively managed 

In other preltoed embodiments of the present invention, additional fimctionality 
is provided, such as those embodiments wherein the operating system abstraction and 
protection layer manages the integration of multiple instances of an application by 
recognizing how many instances of an application are running, and in such embodiments 
most preferably it also avoids making changes on startup and shutdown unless there is 
only one application instance running. In this embodiment it is also possible to support 
muhi-us^ operating systems in which multiple instances of an application can be running 
on behalf of different users. 
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Thus^ the operating system abstraction and protection layer pres^s an 
environment to an appficatioa that appears to be an installation environment without 
performing an installation, whereby a *^seudo instaHalion" is created in ^v^ch all of the 
settings are brougjbt into a virtual environment at fhe time the Qrintiie 
case of an installed application, acts to dynamicaEy modify the bduivior of the 
application at nm4ime. Preferred embodiments provide a means for preventing 
information on the distrt conqmter firom interfering or modifying the behavior of an 
application, and most preferably provide a means for dyoamically changmg the virtual 
environment according to administrative settmgs. As mentioned above, in certain 
embodiments it vnSl be possible to have more than one instance of a smgle software 
application nnming on the same client computer, even if it was not origtaally authored to 
do. so. In such embodiments, shared, controlled contexts are provided in yAdch at least 
two ofsaid instances ofa single appHcation share one or nu)re virtual settmgs. • 

BRIEF DESCXOFnON OF THE DRAWINGS 

HG. 1 is a block diagram schematic showing ^e relative relationshq) of the present 
invention, an operating system and a software applicatkm; 

FIG. 2 is a block diagram schematic showing 

HG. 3 is a block diagram schematic showmg 

FIG. 4 is a block diagram schematic showing 

DETAILED DESOOFEION OF THE FBEFEKRED EMBODIMENTS 

Se&xxing now to FIG. 1, there is iOustrated a btodi: diagram sdbematic showing the 
relative relationshp of Ihe.present invention, an cp&Ag system apd a software plication. 
Tre&xred embodiments of the present invention provide an operating qrstem abstraction and 
protection layer 100 denommated an ''Operating System Goard." btemally, many operating 
systems 10 provide &ult domains to protect applications 50 fiom affectmg each other v^^en 
nuL However, shared systean resources and many other operating 9^ 
protection domain to be coicpromised. An operatiag system abstraction and protection layer 
100 provide an additional, progiammatically contmlled barder between plications 50 to 
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remove most appficadon level interactiQiis. loosed between fhe application SO and operating 
system 10 fhe operating system abstraction and protection kyer 100 sefectively allows 
dianges directly to flie opiating system 10, versos contmning fbe (ftiange widnn context of 
the nnuiing applicatioa For one exaiiq>le, in Window&based systems, aO operatioas to the 
Windows Regjstiy are t^kally done throng fhe Win32 APL As explained bdbw, system 
fimctions like QoeryRegEx and GetProfileString can be hooked so that each time liiey ate 
invoked, another function or application mterceptsfhe call The Operating System Guard 100 
of fhe present invention will hook each appropriate API fimcdon to service tiie request, i£ 
made by an application being actively managed or if made by an q^ficatioii against a 
configuration item being actively nsanaged. Bifhis way, nnlesse^qplicittycanfignied to do so^ 
the present invention can create the srppfication environment without maldng any actual 
dianges to the end-user's system Also, any modifications made at ranrtime by fhe 
application can be posisted or removed easily. 

As used herein the term ^'Operating Systjem Guard" defines a layer between a 
running application and fhe operating system of a target computer or client conqrater that 
provides a virtual environment m\vhich an appficationix^ Thisvirtual 
environment bas several purposes. First, it prevents a running application ficomnaaking 
changes to fhe client conoputer. If an application attenq^ts to change underlying qperatmg 
system settings of a client computer, sucb settmgs are protected and only ^^de" in the 
virtual environment. For ^eanople, if an application attex]:q>ts to change the version of a 
shared object like MSVCRT DLL^ this change is localized to the appUcation and the code 
reddent on the client computer is left untouched. 

Second, the inventkm presents an environment to a running application that 
appears to be an installation environment without performing an installation, and is thus a 
'^seudo installation" or "instaUation-like.'' All of tiie settings are brougjit into a virtual 
environment at the time the application being served runs, or just-in-time when the 
application needs the particular setting. For exani^le, if a computer program sudi as 
Adobp Photoshop® expects to see a set of Windows Registry entries under 
HKEYJLOCAL_MACHIME\Sofiware\Adobe and they are not tiiere on fhe client 
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computer since Photo^op was never installed, a system made in accordance with this 
aspect of the present invention will "shoV those re^stry entries to the Photoshop 
programming code exactly as if they were resident on the client computer. 

Nfext, the invention prevents information that may exist on the cUentAisers 
machine from interfering with or modifying the behavior of an appfication. For exanqile^ 
if the user has akeady existing registry entries under: 

HKEyjLOCALJ/IA<3nNE\Softwaie\Adobe 
&r an older version of Photoshop, but now wishes to operate a newer version, these 
entries can be hidden from the new application to prevent conflicts. 

Finally, the present invention unlocks application behavior that may not exist as 
the application is currently written. It does this through the ability to dynamically change 
the virtual environment according to administratiye settings. For example, hi a typical 
instance of an enterprise software application, a client application may expect to read a 
setting for the address of the database to which the user should connect from a setting in 
the registry. Because this registry key is often stored m HEOEYJLOCAL^MACHINE, the 
setting is global fox the entire client con^uter. A user can only connect to one database 
without reinstalling the client, or knowmg how to modify this registry key, and doing so 
each time they wish to run the application. However, by inq)lementing tiie present 
-invention, two instances of the application may. now run on the same client conqiuter, 
each connecting to a difEerent database. 



CONTEXTS 

Jb. providing this frmctionahty, each application is able to run in a private context 
within the system To the application, it has its own private view ofv^at the system 
looks like and its behavior. The present invention provides this by its inherent nature. 
Kefetring to FIG. 2, two separate applications 52,54, or two instances of the same 
application (50 illustrated in FIG. 1), can be provided private cont^its in vAmik they will 
appear to have separate or differing copies ofsystem services, configuration and ^ 
the preferred einbodiment, this is the default behavior of the system 
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By extending this coiicq)t, the Operating System Guard 100 of the present 
invention can also provide shared, controlled contexts in which two or more applications 
52,54 can sbare some or all of iheir virtual settmgs. This is inq)ortant for application 
suites sack as Microsofi Office, or for appHcations that perform differently in the 
presence of other applications. For exanq)le, many applications use Microsofi Word as 
anengmefor doing Mail Merge or docvmimt creation £mctioiiality. The applicatidn 
most know about the installation or presence of Word and be able to tap into its 
functions. In the preferred embodiment, two instances of the same application will sliare 
a smgle context by default, while two separate applications will maintain private 
contexts. Referring to FIG. 3, the two applications 52,54 can run while the Operating 
iystem Guard 100 provides a shared view of the available system resources. 

)£SIGN 

As ilhistrated in HG. 4, the Operating System Guard is con^rised of the 
bOowing subsystems: core 102, configoiation maimger 104, file manager 106, shared 
ibject manager 108, device manager 110, fimt manager 112, process manage 120, 
irbcess environmient manager 114, loader 116, and recovery manager 118. With the 
xception of the core 102, the process manager 120, and the loader 116, all other 
ubsystems are elements of the Virtuahzation System described in further detail below, 
rhe core 102 is prfanaiily respansible for manag^g applications and their context as 
lefined by the configuration files. 

The process manager 120 provided by the Operating System Guard allows the 
.ore 102 to be informed of any process or thread eventthat may be of interest. It also 
»rovides an abstraction layer to the operating system-dependent in^lementations for 
nanaging a process space and handling thread processing. Processes maybe grouped 
ogether into application bundles. An application bundle is a group of processes vMch all 
hare their virtual resources with each other. For example, Microsoft Word and WBcrosoft 
sxcel may want to share the virtual registry and virtual file system to be able to work 
ogether "as an application suite. The process manager 120 calls these application bundles 
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"applications". The infonmtioii about an application exists until the process manager 120 
is told to release the application. If another process needs to be loaded into the application 
bundle, it may do so as long as the application has not been released. 

The loader subsystem 1 16 of flie present invention is used to allow virtual 
environments to be transferred into and out of the running system. Each of the 
Virtualization Subsystems is capable of serializing its configuration for the loader 1 16, 
and retrieving it through the reverse process. In addition, the loader 116 is capable of 
staged loading/unloading and combining theresohs of individual stages into one single 
environment description. 

BEGXSTRY AND CONFIGURATION 

Applications require varying amouiKts of configuration information to operate 
propedy. Anywhere firom zero to thousands of configuration records exist for vMch an 
application can read its configuration On Windows, there are two coxmnon places for 
configuration information, the Windows Registry and system level initialization files 
win.ini and systemini In addition, the \WINDOWS\SYSTEM directory is a cominon . 
place for applications to write application ^ecific configuration or initialization files. 
Applications will also use configuration or data files in their local application dkectones 
to store additional configuration information. Often this in&rmation is di£5ciilt to deal 
with, as it is in a proprietary format. On platforms other than Windows, there is no 
equivalent of the Registry, but common directories exist for configuration information. X 
Windows has an app-defaults directory. Macintosh has the System Folder, and other 
operating systems will have corresponding elements. It is important to note that on most 
UNIX systems^ each individual application 52,54 will most often store its own 
configuration 152,154 locally, as seen in FIG. 2. 

The present invention, in one embodiment, includes a virtual Windows Reg^stiy 
.conq)onent, yAnch will provide a fidl fimction registry to an appKcation, but prevent 
modification to the underlying system registry. All keys that an application ejqpects to 
access will be present, bxit may only exist in the virtual registry. In this way, the 
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Operatmg System Guard 100 of the presoit invention and the Windows R^stty form a 
two-stage process fiir accessmg the registry. If an appfication needs access to a key, it 
A^^gaerytheRfigistiy. The Operatkg System GoaidwiU respond with 
vahieifit knows it. Otherwise, it wiU.aOow the reqaest to pass through to the Windows 
Kegjstcy. Ifanattenipt is made to modify the vabe, the Operatmg System Guard will 
allow the modification to occm: to itself only The next time the application accesses &e 
key, it will be present in the Operating System Guard and the request will not flow 
through to the real Registiy, leaving it imtouched. 

* The keys that the Operating System Guard uses are specified in three separate 
sections. These Operating System Guard keys are specified as commands in these 
sections to modify an existnig key, delete the presence of a key, or add a new key to the 
n^jbtry. In this way, the virtual registry can appear exactly as the system intends. Thisis 
ixcportant as the presence or absence of a key can be as important as the actual vahie of 
the key. 

In the preferred embodiment, the Operating System Guard first loads a data file 
that contains basic registry entries for the application. Then a second data file is loaded 
that contains the user's preferences. Finally, the Operatmg System Guard can optionally 
load a set of keys that include policy items that the user is not allowed to ovenide. The 
three files load on top of each oilier with duplicate items in each file overriding items in 
the file before it. The first time a user runs an q)plication, the second data file will not 
exist because there will be no us^-spedfic information, only application de&oks. After 
each session, though, the Operatmg System Guard will save the user's changes, 
generating that second data file for use in fixture sessions. 

Configuration files can be modified in two ways. First, the file can be edited 
directly by an application In this scenario, the Operating System Guard File subsystem 
described below will address the modification made to the file. Second, in the preferred 
embodiment, an application can call the Windows API femily of calls GetProfileString, 
WriteProfileString, or others to modify these files. In this case, the Operating System 
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Guard of the present invention perfonns exactly as described above intercepting &ese 
calls and servicing tiiemfirom within. 

SHARED OBJECTS 

Many coixponQnts used by operating systems and nouixng appfications are shared 
across several applicatians or instances* In general, this is a very good idea, fi saves disk 
space, not requiring niany copies of the sanie file. It also provides the ability fin 
operating system vendors and third parties to create and distribatte libraries of commonly 
tised code. On the Windows platform. Dynamic link Libraries, DLLs, are often shared 
vsddiin and across applications. On other platforms, the problem is the same. On the 
Mamtosh, INTTs and other system components are loaded for applications. These 
conponents can have many version^ ofvMch onfy one is used at a time. QnUNDC 
systems, dynamic sJiared objects, e.g., ''.so" library files, are used by applications to 
speed load time, save disk space, and for other reasons. Many programs tise the de&ult 
'libcso." However, lliis library file is typically a symbolic link to some ver^on. of itself 
such as Iibc.so.3. M practice, this &atnre has created havoc. These shared conpoaents 
liave often gone throu^ revision, wi& many versions of the same component available to 
be mstaUed. Application authors liave found thdr software to woik with potentially only 
one or some of the versions of the shared conponent. Thus;, in practice, applications 
typicallyinstaUtheversionlhey desire^ overwriting oth^ present version lliis 
potentially causes de&ults in other applications running on a system. 

On V^dows 98, Windows 2000, lificrosoft has created the Windows Protected 
File System (WPFS).to allow system adnodnistrators to Gceate a file called 
XXXX.LOCAL in the base directory of an application, where XXXX is the executable 
file name without the ext^osioiL This causes the Windows Loader to alter its method of 
resolving path references during LoadLibnoy executio!n& Tliis;, however, is not sufBdent 
to cpnq)lete]y solve tiie probl^n. First, setting up the XXXX file is left to the knowledge 
of the system administrator, vMch varies widely. Second, a conq)onent verdon must 
undergo a rewind back to the origiaal, then install this coxrponent m the local directory, 
and then create the '\LOCAL'' file. This is not a straightforward process &x any but the 
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most basic conq^cmexits placed in W[NDOWS\SySTEM. Also, this soluttan does not 
cover all of the needed fimctionality, Duiing LoadLibrary, Windows uses different path 
lesohition shanties dqpending on whether the con^onent was resolved as a rescdt of an 
e>q)licit or iQ:q)licit LoadLibrary,. and also whether a Re^stry Ki^ exists hidiGating that it 
is a named, or.weD-known, DLL In this case, the LoadLibrary call will always resolve 
to Ae WINDOWS\SYSTEM directoiy. 

DLLs and other shared coirgponents also retain reference cotmt semantics to 
ensure that a con^onent is not touched unless no running applicadons refer to it. in 
practice, oeiy applications firomthe operating system vendor and the operating ^stem 
itself have done a good job of obeying this protocol 

As a general role, it is desired to have a shared object always resolve to the 
correct conqionent. To provide this fimctionality it is required to imderstand the version 
of a con^onent^ or range of versions, that an application is able to fimction with. Then, 
when the application is to be run, the present invention should ensure that the conq»onent 
is resolved correctly. It is accq}table, in the present invention, to automate the use of 
WPFS or other operating system provided capability, if desired. In this case, it is 
necessary to detect needed conog)onents and place them in the local £Ie system This is 
more con^plex than just watching installation, as an installation program will 0&&x not 
install a component if the required one is abeady thore. 

It is desired to identify a method to ensure that named objects are also loaded 
correctly. On the Windows platform, MSVCRT.DLL is a significant culprit within this 
problem area. If multq)le versions of this object axe maintained, the aforementioned 
Registry key can be dynamically changed, allowing the LoadLibrary fimction to resolve 
the correct conq)onent version Another reasonable method of ensuring correct 
conq)onent loading is the dynamic editing of a process environment to use a vaHd search 
path. This search path will ensure that a local con^onent is resolved before -a system 
wide cowponmt Another possible method for resolution of the correct shared object is 
through the use of symbolic links. A symbolic link can be made for a shared conq)onent, 
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Tvbich is resolved at nax-tiine by the coixq)uter's file system to the needed componeiit. 
Finally, the actual open/read/dose requests for infonnation firom a shared object's file 
can be intercepted by the present invention and responded to dynamically &t ihe cotrect 
version of the file which may tsdst on the local system or vdthin the invention's 
subsystems. 

Several special forms exist. On the Wmdows platform, OLE, ODBC, MDXc, ... 
as wen as a number of other vendor specific con^onents, are written to be shared 
globally among several or all rmming processes, in the case of OLE, going as fiir as 
sharing data and memory space between separate processes. OLE prevents more than 
one copy of itself running at a time, as do many of these conq)onents. OLE also has 
many bugs and features requiring a f^ecific version to be loaded for a specific 
application. Li the present invention, an application is able to load whatever version of 
OLE is required, still enabling the shared semantics with other conq;>onents uang the 
same version of OLE. 

In general, unless ^ecifically configured as such, shared objects should be loaded 
privately to ensure conflict prevention. Nothing about the method used to allow a 
conq>onent to be loaded privately should prevent it fioni being unloaded cleanly or 
correctly loading for another software application, wdiether being actively managed by 
the Qperatmg System Guard or not. Tax addition, if the system crashes it is required to 
recover fi-om this crash to a clean state, not having overwritten or modified the 
underlying operating system. 

JEILES 

Many applications use data files within the application to store configuration 
entries or other appiicarion data. The present invention provides a virtual file system 
much like the virtual registry described above. Before the application starts, the present 
invention can load a list of file system changes, including files to hide and files to add to 
the virtual environment or files to redirect to another within the virtual environment. 
Whoever the application accesses or modifies any files^ the Operating System Guard 
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checks if the file must he redirected, and if so, in the prefened embodiment redirects the 
request to a location specified in tibie Operating System Guard configuration. 



If an application tries to create a new file or open an existing file for miting on a 
user's local drive, the Operating System Guard mnst ensure that the file is actually 
created or modified in the redirected location. If the application is reloaded at a later time, 
this file mappmg must be reloaded into the Operating System Guard virtual environment 
When the request is to modify an existing file, which resides on a user's local drive, the 
Operating System Guard must copy the file in question to the redirection point before 
continuing with the request. The redirected files may not be of the same name as the 
original file to ensore safe mapping of file paths. In the preferred embodiment, INI files 
are handled in this way to offer maximam system security while allowing maximiun 
appfication conq)atibility. 

The present invention is particularly usefid for applications delivered ov^ a 
network In such inq^lementations it is important to undorstand that sofl:waie applications 
are made pf several Idnds of data, vdiere the bulk of the files a software application uses 
are most preferably mounted on a separate logical drive. Configuration, including botli 
file based and registry based, can be user ^edfic and system wide. The appfication 
defivery system used should marie each file for which of these types any file is. This 
infotmation provides hints to the Operating System Guard system to act on appropriate^. 

BEVIOlBiaVERS 

Many applications use device drivers or other operating system, level software to 
implement some of its fiinctions such as hardware support or low level interactions 
directly with the qperatmg system, fix the present invention, the Opeiating System Guard 
wfll provide the capability of dynamically, and as possible privately, adding and 
removing these compoiients to an application's virtual ^vironment. 

Many device drivers are built to be dynamically loadable. If *at all possible, it is 
the prdTerred embodiment to load aU device drivers dynamically. If a device driver 
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requires static load at boot time, the user must be presented with this knowledge before 
running the application. Once the system has rebooted, the application should continue 
j&om wiere it left off However, a large percentage of device drivers are not dynamically 
imload^ble. Althou^ it is preferred to dynamically unload the driver, if this cannot be 
acconqpHshed the ddver wiQ be marked for removal on the next reboot, and the user 
should be xnade aware of this. If the application is nm a second time before the next 
reboot, the system should remain aware of the presence of the driver and not attexi^t a 
second installation, waiting for tetmination to remark the con^onent removable at next 
reboot. 

It is iQq)ortant to diaracterize the base similarities and differences, as they exist 
for each device driver class, to ensure the present invention can correctly function. It is 
not truly desired to load and unload device drivers for system hardware that is constantly 
present. . It should be understood that although this is not a preferred enabodiment 'in 
terms of progranmnng ease, it is withm the scope of the present invention and may be 
required for specific reasons, such as the restriction in licensmg agreements for 
applications ihzt are delivered and run using the present invention. 

On uon*Microsofi platforms, device drivers are typically handled very differently. 
]A&cintos3i systems Siq>port both static and dynamic drivers, but they are all installed and 
removed throng the same method. linking with tiie Macintosh system folder will 
provide the necessary support For UNIX systems, device drivers most typically require 
a modification to the running UNIX kernel, followed by a rd)oot This process can be 
very corqplex. In the preferred embodiment, this process is automated; hicluding 
resetting the kernel once tiie application is complete. The general parameters of the 
process are the same'as that described above for Windows applications, the actual process 
steps of conqpilation and persons fomiliar with such operating systenos can carry out 
reiboot. 
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Finally, those of skQl in the axt will understand that it is deaorable to be able to 
recover and remove drivers across ^stem &ilures. Whatever data or processes necessary 
to retain system integrity are therefore a preferred embodiment of the preset invention. 
Those of skill in the art will also appreciate that all types of device drivers might not be 
conveniently or efficiently provided via the present inv^tion, most particolarly those 
associated with permanent hardware attadied devices. 

OTHER ITEMS 

In the present invention, it is recognized that there ar^ several conq^ 
invention, the beihavior or presence of wiiich is different on alternate operating systems. 
These conqponents include fonts, processesi^ environment variables, and others. 

Some appfications require fonts to be instated in order to pet&im.coa Any 
fintts required will be ^edfied in the Operating System Guard's configuration file. The 
Operating System Guard will enable these fonts prior to running the application and if 
necessary remove them aiEterwards. Most systems have a common area for storage of 
fonts in addition to a process for registering them or making the system aware of th^ 
presence, the Operating System Guard will utilize these available methods. 

On Windows, a font is copied to the \WINDOWS\FONTS directory. This 
however does not guarantee that the font is available to the running program. In the 
preferred embodiment, if the program uses the Windows API to access fonts, the font will 
need to be registered with a Win32 API call such as CreateScalableFontResource/ . 
AddFontResomce. This will insert the font into the system font table. Once con5)lete, 
the Operating S3rstem Guard can remove the font vAth another appropriate API call like 
RemoveFontResource, then remove the file from the system As an akeamate • 
embodiment, the Operating System Guard could hook the API functions as described hi 
the virtual registry method. In addition, the Operating System Guard can use its Pile 
subsystem to avoid placing the actual font file m the numing system. 

On Macintosh, the process is extremely similar and based on files h\ the 
Macmtosh system folder and registration activation. On XJWX, however, the process is 
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dependent xtpon the application. Most typically, font xesonrces are added to the system as 
regular files resolved in the proper location, so they can be accessed by name. With 
many Motif systems, a font description needs to be placed into a font resource file, which 
will allow the font to be resolved. The Motif or X application can invoke the font either 
through the resolution subsystem or by a direct call. Recently, many Motif and CDE 
based systems utilize Adobe scalable postscript fonts. These fonts need to managed 
through the Adobe type management system. There are exceptions, however, and as 
stated above, there are alternates to the Windows or other operating system de£mh font 
management systems. The Adobe Type Manager provides some alternate inter&ces for 
this process, as do other third party type management systems. In most cases it siiould be 
decided whether to support the inter&ce or ignore it. The purpose of Operating System 
Guard is not to provide a universal layer for all these systems, only to do so for the 
operating system's own subsystem 

Many applications req[mre environment variables to* be set. This is most common 
on UNLX systems, but is also heavily used by software, which was originally .written on 
UNIX and ported to the Windows operating systems. Applications on the Windows 
operating systems heavily rely on the DOS PATH oavironment variable and often set 
their own application specific entries. On the Windows 9x/Me environm^s, there are 
many environment settings, \^c1l are applicable as at its core is the DOS subsystem If 
an application requires die presence of specific vanables, or values to be set in existing 
environment variables, the required environment variables will be spedfied in ihp 
Operating System Guard's configuration file. The Operating System Guard will set these 
variables for the application's main process when it is launched. As applications do not 
typically change environment settings as they operate, the virtual environment will not 
trap these calls, nor vnH it provide the fiill conq^lement of fimctionality that the re^stry 
and configuration subsystem does. 

RECOVERY 

In some cases shown in the previous sections, actual modifications must be made 
to the operating system This is frequent with device drivers and fonts. In addition. 
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changes can be made to the virtual environment that need to be persisted and available 
the next time an application is run. It is required that the Operating System Guard system 
be able to recover jfrom changes to the system, removing the change from the system at 
its earliest possible opportunity. Alternately, iftiie system cashes during an 
application's execution, the Operating System Guard should track enough information to 
remove any change to the system if it is rebooted or otherwise, and should track the 
changes made to the virtual environment. In the preferred embodiment, this is 
implemented as a transaction log, but can in other embodiments be done as some other 
similar conoponent, which can be read on system startup so that dianges can be backed 
out 

CONTROLLING \TKTUALIZAlION 

An important aspect of the invention relates to control of the many &cets of 
vktualization which the Operating System Guard is capable o£ In the preferred 
embodiment there exists an instramentation program able to ascertain the correct aspects 
of a software system to control Also included is a method to allow admioistrators and 
end users to view and modify those items to be virtualized by the system. 

In the automated program, the application to be controlled is observed in order to 
gauge the aspects of control The automated program is capable of performing this task 
during the installation process of the application, during run-time of the application, or a 
combination of both. In the preferred embodiment, the Operating System Guard is 
embedded hi a wrapper application. Post installation, or after one or many uses of the 
software, the wrapper application will query the Pperatittg System Guard for a detailed 
list of all of its actions. From this list of actions, the wrapper appEcation will create the 
configuration files required to load and operate the Operatnig System Guard on 
subsequent uses. 

If used as part of the installation process, the Operatinig System Guard, in the 
preferred embodiment, will act as a virtual layer allowing the installation to be entered 
into its environment only. After the installation, aU of the files, settings, et. aL can be 
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dumped for reload later. la this way, tbe installation wll leave the original system intact 
and will have automatically created the necessaiy configuration files. When used during 
use of the application, the Operating System Guard is ahle to record either differential 
modifications to tbe envnonment, or recodify the configuration files. 

The Operating System Guard will pass its information to the wrapper application 
for post-processing. In the preferred embodiment, in addition to the automatic entries 
that the system can create, the wrapper application is programmed with operating system 
^ecific and application or domain q)ecific knowledge. This knowledge is used to alter 
the output of the process to reflect known uses of configuration items or other entries. In 
tbe pre£eired embodiment, a rules-based system is employed to conq)are observed 
behaviors with known scenarios in order to effect changes to the coding. 

The wrapper application is also used as a viewer and/or editor for the 
configuration output of the process. This editor, in the preferred embodiment, enables a 
system administrator to add, edit, or delete items or groiq)s of items fiom the 
configuration. In observiag the configuration through the editor, the administrator can 
also 0Uike replicas of the configuration, changing specific items as needed to effect 
application level or user custom changes 

Referring now to FIG. 1, aa enibodiment of the present invention is ilhistrated 
fimctionally. Li this embodiment, two sets of implication/user data 60 are illustrated. 
The Operating System Guard 100 keeps the two instances of the application 50 firom 
interfering with one another. In addition, as es^Iained above, tiie operating system guard 
100 serves as an abstraction layer and as such collects commands and communications 
between the application software 50 and the actoal qperatnig system 10 of the client 
conqnzter. As iliastrated graphically by the arrows^ certain commands are betwe^ the 
Operating System Guard and the software plication, this is in distinction to typical 
installations where diese commands would instead be acted upon by the operating system 
itselj^ resulting in changes to the client conq^uter that might not necessarily be wl^at the 
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qpearator intended. On the other hand, other conmiands pass through tihe Operatmg 
System Guard and are then transferred to ibe Operating System itselC 

While this invention has been particular^ skovm and described with references to 
preferred embodiments thereof it ^vill be understood by those skilled in the art tiiat 
various changes in form and details may be made therdn without departing from the 
scope of the invention encon^assed by the appended claims. 
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Wliat is claimed is: 

1. A system for cre^tmg an applicatiaa software environmeDt without changing an 
operating system of a client con^uter, the system conq)iising an operating system 
abstraction and protection layer, ^^erdn said abstraction and protection layer is 
inteiposed between a running software application and said operating system, whereby a 
virtual environment in which an ^plication may nm is provided and application level 
interactions are sub^andally removed. 

2. The system of claim 1, wherein changes directly to the operating system are 
selectively made within the conteTct of the ronning applicalion. 

3. The system of claim 2, whereia the abstraction and protection layer dynamically 
changes the vktoal environment according to administrative settings. 

4. The system of claim 1, wherein the system continually monitors the use of dxared 
system resources and acts as a service to apply and remove changes to system 
coiqponents. 

5. The system of claim 1, wAerein the operating system is a Windows-based operating 
system, and wherein all operations to the Windows Registry and .ini files are through the 
Win32 API, the system fiirther con^rising a means for hooking fimctions, whereby each 
time said functions are invoked another fimction or application intercepts the call 

6. The sysftem of claim 5, herein the system hooks each appropriate API function to 
service a request wdiether mad^ by an application run from a server or if made by an 
applicatioh against a configuration key.beiag actively managed 

7. The system of claim 1, v^erem said operating system abstraction and protection layer 
manages the integration of multiple instances of an application by recogoizzng how .many 
instances of an application are running. 
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8. The system of claim 7, wherein said operating system abstraction and protection layer 
avoids making changes on startup and shutdown imless there is only one ajpplication 
instance numing. 

9. The system of claim 1, wherein said operating system abstraction and protection layer 
presents an ^vironment to an application that appears to be an installation enviropment 
without performing an installation, whereby a **pseudo installation" is created in which 
all of the settings are brought into a virtual environment at the time the application runs. 

10. Ihe system of claim 9, further con5)rising a means for preventing information on the 
client con^uter £:om interfering or modifying the behavior of an application. 

11; The system of claim 9, &rther conoprising a means for dynamically changing the 
virtual environment according to administrative settings, 

12. The system of claim 9, vdierein more than one instance of a angle software 
application runs on the sa3Die cheat computer, and \^ilerein each of said more than one 
instance connects to a different database 

13. The system of claim 12, ^erem shared, controlled contexts axe provided in wUch at 
least two of said instancy of a single q[)plication share one or more virtual settings. 

14. The system of claim 1, fiirther conqniang a device ddver monitor tiiat receives 
instractions at the time of installation for a particular application. 

15. The system of claim 1, farther conqiriang a virtual ^^^ows Registry conoponent to 
provide a fiiU function registry to an application, but prevoat modification to the 
mderlying system registry. 
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16. The system of claim 1, wherein the operating system abstraction and protection layer 
responds \vith a key and its vahie if said key and value are stored ^hin the operating 
system ahstraction and protection layer, if not stored, the operating system abstraction 
and protection layer allows the request to pass through to the Windows Registry. 

17. The system of claim 16, wherein if an Mempt is made to modify the value of said 
key, the operating system ahstraction and protection layer allows the modification to 
OGCurto itself only. 
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